244851
|
5.0 |
MEDIUM
|
icewarp merak
|
web_mail mail_server
|
Multiple directory traversal vulnerabilities in MERAK Mail Server 8.2.4r with Icewarp Web Mail 5.5.1, and possibly earlier versions, allows remote attackers to (1) delete arbitrary files or directori…
|
NVD-CWE-Other
|
CVE-2005-3133
|
2016-10-18 12:32 |
2005-10-5 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244852
|
7.5 |
HIGH
|
twiki
|
twiki
|
The history (revision control) function in TWiki 02-Sep-2004 and earlier allows remote attackers to execute arbitrary code via shell metacharacters, as demonstrated via the rev parameter to TWikiUser…
|
NVD-CWE-Other
|
CVE-2005-2877
|
2016-10-18 12:31 |
2005-09-17 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244853
|
7.5 |
HIGH
|
gnu
|
mailutils
|
Format string vulnerability in search.c in the imap4d server in GNU Mailutils 0.6 allows remote authenticated users to execute arbitrary code via format string specifiers in the SEARCH command.
|
NVD-CWE-Other
|
CVE-2005-2878
|
2016-10-18 12:31 |
2005-09-14 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244854
|
2.1 |
LOW
|
advansysperu_software
|
usb_lock_auto-protect
|
Advansysperu Software USB Lock Auto-Protect (AP) 1.5 uses a weak encryption scheme to encrypt passwords, which allows local users to gain sensitive information and bypass USB interface protection.
|
NVD-CWE-Other
|
CVE-2005-2879
|
2016-10-18 12:31 |
2005-09-15 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244855
|
7.5 |
HIGH
|
checkpoint
|
connectra_ngx
|
Check Point NGX R60 does not properly verify packets against the predefined service group "CIFS" rule, which allows remote attackers to bypass intended restrictions.
|
NVD-CWE-Other
|
CVE-2005-2889
|
2016-10-18 12:31 |
2005-09-15 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244856
|
5.0 |
MEDIUM
|
stylemotion
|
web_news
|
WEB//NEWS 1.4 allows remote attackers to obtain sensitive information via a direct request to files in the actions directory, which reveal the path in an error message, as demonstrated using cat.add.…
|
NVD-CWE-Other
|
CVE-2005-2897
|
2016-10-18 12:31 |
2005-09-15 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244857
|
4.3 |
MEDIUM
|
cj_design
|
cj_tag_board
|
Multiple cross-site scripting (XSS) vulnerabilities in details.php in CjTagBoard 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) date, (2) time, (3) name, (4) ip, (5) ag…
|
NVD-CWE-Other
|
CVE-2005-2899
|
2016-10-18 12:31 |
2005-09-15 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244858
|
4.3 |
MEDIUM
|
cj_desing
|
cjlinkout
|
Cross-site scripting (XSS) vulnerability in top.php in CjLinkOut 1.0 allows remote attackers to inject arbitrary web script or HTML via the 123 parameter.
|
NVD-CWE-Other
|
CVE-2005-2900
|
2016-10-18 12:31 |
2005-09-15 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244859
|
4.3 |
MEDIUM
|
cj_desing
|
cjweb2mail
|
Multiple Cross-site scripting (XSS) vulnerabilities in CjWeb2Mail 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) message, or (3) ip parameter to thankyou.php …
|
NVD-CWE-Other
|
CVE-2005-2901
|
2016-10-18 12:31 |
2005-09-15 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244860
|
5.0 |
MEDIUM
|
zebedee
|
zebedee
|
Zebedee 2.4.1, when "allowed redirection port" is not set, allows remote attackers to cause a denial of service (application crash) via a zero in the port number of the protocol option header, which …
|
NVD-CWE-Other
|
CVE-2005-2904
|
2016-10-18 12:31 |
2005-09-15 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244861
|
5.0 |
MEDIUM
|
gtkdiskfree
|
gtkdiskfree
|
The open_cmd_tube function in mount.c for gtkdiskfree 1.9.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on the gtkdiskfree temporary file.
|
NVD-CWE-Other
|
CVE-2005-2918
|
2016-10-18 12:31 |
2005-09-16 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244862
|
2.1 |
LOW
|
arc
|
arc
|
arc 5.21j and earlier create temporary files with world-readable permissions, which allows local users to read sensitive information from files created by (1) arc (arc.c) or (2) marc (marc.c).
|
NVD-CWE-Other
|
CVE-2005-2945
|
2016-10-18 12:31 |
2005-09-17 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244863
|
2.1 |
LOW
|
-
|
-
|
KillProcess 2.20 and earlier allows local users to bypass kill list restrictions by launching multiple processes at the same time, which are not all killed by KillProcess.
|
NVD-CWE-Other
|
CVE-2005-2948
|
2016-10-18 12:31 |
2005-09-17 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244864
|
7.5 |
HIGH
|
mark_d._roth
|
pam_per_user
|
pam_per_user before 0.4 does not verify if the user name changes between authentication attempts and uses the same subrequest handle, which allows remote attackers or local users to login as other us…
|
NVD-CWE-Other
|
CVE-2005-2949
|
2016-10-18 12:31 |
2005-09-17 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244865
|
4.3 |
MEDIUM
|
miva
|
miva_merchant
|
Cross-site scripting (XSS) vulnerability in merchant.mvc in MIVA Merchant 5 allows remote attackers to inject arbitrary web script or HTML via the Customer_Login parameter.
|
NVD-CWE-Other
|
CVE-2005-2953
|
2016-10-18 12:31 |
2005-09-17 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244866
|
4.6 |
MEDIUM
|
adaptive_technology_resource_centre
|
atutor
|
config.inc.php in ATutor 1.5.1, and possibly earlier versions, uses an incomplete blacklist to check for dangerous file extensions, which allows authenticated administrators or educators to execute a…
|
NVD-CWE-Other
|
CVE-2005-2955
|
2016-10-18 12:31 |
2005-09-17 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244867
|
5.0 |
MEDIUM
|
adaptive_technology_resource_centre
|
atutor
|
ATutor 1.5.1, and possibly earlier versions, stores temporary chat logs under the web document root with insufficient access control and predictable filenames, which allows remote attackers to obtain…
|
NVD-CWE-Other
|
CVE-2005-2956
|
2016-10-18 12:31 |
2005-09-17 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244868
|
7.5 |
HIGH
|
avira
|
desktop
|
Stack-based buffer overflow in AVIRA Desktop for Windows 1.00.00.68 with AVPACK32.DLL 6.31.0.3, when archive scanning is enabled, allows remote attackers to execute arbitrary code via a long filename…
|
NVD-CWE-Other
|
CVE-2005-2957
|
2016-10-18 12:31 |
2005-09-17 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244869
|
4.3 |
MEDIUM
|
compaq
|
compaqhttpserver
|
Cross-site scripting (XSS) vulnerability in CompaqHTTPServer 2.1 allows remote attackers to inject arbitrary web script or HTML via the URL, which is not properly quoted in the resulting 404 error pa…
|
NVD-CWE-Other
|
CVE-2005-2982
|
2016-10-18 12:31 |
2005-09-20 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244870
|
7.5 |
HIGH
|
oracle
|
reports
|
SQL injection vulnerability in Oracle Reports that use Lexical References allows remote attackers to execute arbitrary SQL commands via the values in the parameter form that appears when the paramfor…
|
CWE-89
SQLインジェクション
|
CVE-2005-2983
|
2016-10-18 12:31 |
2005-09-20 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244871
|
2.1 |
LOW
|
symantec
|
norton_antivirus
|
Symantec AntiVirus Corporate Edition 9.0.1.x and 9.0.4.x, and possibly other versions, when obtaining updates from an internal LiveUpdate server, stores sensitive information in cleartext in the Log.…
|
NVD-CWE-Other
|
CVE-2005-2766
|
2016-10-18 12:30 |
2005-09-2 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244872
|
7.5 |
HIGH
|
mybulletinboard
|
mybulletinboard
|
SQL injection vulnerability in member.php in MyBulletinBoard (MyBB) allows remote attackers to execute arbitrary SQL statements via the fid parameter.
|
NVD-CWE-Other
|
CVE-2005-2778
|
2016-10-18 12:30 |
2005-09-3 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244873
|
5.0 |
MEDIUM
|
-
|
-
|
The iTAN Online-Banking Security System allows remote attackers to obtain TAN numbers via a man-in-the-middle (MITM) attack while the transaction is taking place, which facilitates a "phishing" attac…
|
NVD-CWE-Other
|
CVE-2005-2779
|
2016-10-18 12:30 |
2005-09-3 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244874
|
4.3 |
MEDIUM
|
neocrome
|
land_down_under
|
Cross-site scripting (XSS) vulnerability in Land Down Under (LDU) allows remote attackers to inject arbitrary web script or HTML via a signature.
|
NVD-CWE-Other
|
CVE-2005-2780
|
2016-10-18 12:30 |
2005-09-3 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244875
|
5.0 |
MEDIUM
|
cosmoshop
|
cosmoshop
|
Directory traversal vulnerability in bestmail_edit.cgi in cosmoshop 8.10.78 and earlier allows remote administrators to read arbitrary files via ".." sequences in the file parameter.
|
NVD-CWE-Other
|
CVE-2005-2786
|
2016-10-18 12:30 |
2005-09-3 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244876
|
7.2 |
HIGH
|
urban
|
urban
|
Multiple stack-based buffer overflows in urban before 1.5.3 allow local users to gain privileges via a long HOME environment variable to (1) config.cc, (2) game.cc, (3) highscor.cc, or (4) meny.cc.
|
NVD-CWE-Other
|
CVE-2005-2810
|
2016-10-18 12:30 |
2005-09-8 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244877
|
4.3 |
MEDIUM
|
-
|
-
|
Cross-site scripting (XSS) vulnerability in Greymatter allows remote attackers to inject arbitrary web script or HTML via a post comment, which is recorded in a log file but not properly handled when…
|
NVD-CWE-Other
|
CVE-2005-2816
|
2016-10-18 12:30 |
2005-09-8 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244878
|
7.5 |
HIGH
|
barracuda_networks
|
barracuda_spam_firewall
|
img.pl in Barracuda Spam Firewall running firmware 3.1.16 and 3.1.17 allows remote attackers to execute arbitrary commands via shell metacharacters in the f parameter.
|
NVD-CWE-Other
|
CVE-2005-2847
|
2016-10-18 12:30 |
2005-09-8 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244879
|
6.4 |
MEDIUM
|
barracuda_networks
|
barracuda_spam_firewall
|
Argument injection vulnerability in Barracuda Spam Firewall running firmware 3.1.16 and 3.1.17 allows remote attackers to (1) read portions of source code via the -f option to Dig (dig_device.cgi), (…
|
NVD-CWE-Other
|
CVE-2005-2849
|
2016-10-18 12:30 |
2005-09-8 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244880
|
4.3 |
MEDIUM
|
nikto
|
nikto
|
Cross-site scripting (XSS) vulnerability in Nikto 1.35 and earlier allows remote attackers to inject arbitrary web script or HTML via the Server field in an HTTP response header, which is directly in…
|
NVD-CWE-Other
|
CVE-2005-2860
|
2016-10-18 12:30 |
2005-09-8 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244881
|
7.5 |
HIGH
|
road_runner
|
adsl_road_runner_modem
|
ADSL Road Runner modem in the Annex A family has a service running on port 224, which allows remote attackers to login to the modem with a blank password and gain unauthorized access.
|
NVD-CWE-Other
|
CVE-2005-2862
|
2016-10-18 12:30 |
2005-09-9 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244882
|
4.3 |
MEDIUM
|
open_webmail
|
open_webmail
|
Cross-site scripting (XSS) vulnerability in openwebmail-main.pl in OpenWebMail 2.41 allows remote attackers to inject arbitrary web script or HTML via the sessionid parameter.
|
NVD-CWE-Other
|
CVE-2005-2863
|
2016-10-18 12:30 |
2005-09-9 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244883
|
2.1 |
LOW
|
-
|
-
|
URBAN 1.5.3_1 allows local users to overwrite arbitrary files via a symlink attack on the (1) high score or (2) save game files.
|
NVD-CWE-Other
|
CVE-2005-2864
|
2016-10-18 12:30 |
2005-09-9 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244884
|
5.0 |
MEDIUM
|
ecw-shop
|
ecw-shop
|
ECW-Shop 6.0.2 allows remote attackers to reduce the total cost of their shopping cart by specifying a negative quantity for an item, which causes the price of the item to be subtracted from the tota…
|
NVD-CWE-Other
|
CVE-2005-2623
|
2016-10-18 12:29 |
2005-08-19 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244885
|
5.0 |
MEDIUM
|
cpaint
|
cpaint
|
Eval injection vulnerability in CPAINT 1.3-SP allows remote attackers to execute arbitrary ASP code via the cpaint_argument[] parameter to (1) calculator.asp or (2) cpaintfile.asp, which is directly …
|
NVD-CWE-Other
|
CVE-2005-2624
|
2016-10-18 12:29 |
2005-08-19 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244886
|
7.5 |
HIGH
|
cpaint
|
cpaint
|
Incomplete blacklist vulnerability in the checkBlacklist function in CPAINT allows remote attackers to execute arbitrary commands via the (1) ExecuteGlobal function or (2) GetRef statement, which is …
|
NVD-CWE-Other
|
CVE-2005-2625
|
2016-10-18 12:29 |
2005-08-19 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244887
|
7.5 |
HIGH
|
phptb
|
topic_boards
|
Multiple PHP file inclusion vulnerabilities in (1) admin_o.php, (2) board_o.php, (3) dev_o.php, (4) file_o.php or (5) tech_o.php in PHPTB Topic Board 2.0 and earlier allow remote attackers to execute…
|
NVD-CWE-Other
|
CVE-2005-2633
|
2016-10-18 12:29 |
2005-08-23 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244888
|
7.5 |
HIGH
|
phpfreenews
|
phpfreenews
|
Multiple SQL injection vulnerabilities in PHPFreeNews 1.40 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) Match or (2) CatID parameter to SearchResults.php, or (3) t…
|
NVD-CWE-Other
|
CVE-2005-2637
|
2016-10-18 12:29 |
2005-08-23 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244889
|
4.3 |
MEDIUM
|
phpfreenews
|
phpfreenews
|
Multiple cross-site scripting (XSS) vulnerabilities in PHPFreeNews 1.40 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) NewsMode parameter to NewsCategoryForm.ph…
|
NVD-CWE-Other
|
CVE-2005-2638
|
2016-10-18 12:29 |
2005-08-23 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244890
|
7.5 |
HIGH
|
valusoft
|
chris_moneymakers_world_poker_championship
|
Buffer overflow in Chris Moneymaker's World Poker Championship 1.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long nickname.
|
NVD-CWE-Other
|
CVE-2005-2639
|
2016-10-18 12:29 |
2005-08-23 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244891
|
5.0 |
MEDIUM
|
neoteris juniper netscreen
|
instant_virtual_extranet netscreen_screenos ns-10 ns-100 ns-204 ns-500 ns-50ns25 netscreen-5gt netscreen-idp netscreen-idp_10 netscreen-idp_100 netscreen-idp_1000 …
|
Behavioral discrepancy information leak in Juniper Netscreen VPN running ScreenOS 5.2.0 and earlier, when using IKE with pre-shared key authentication, allows remote attackers to enumerate valid user…
|
NVD-CWE-Other
|
CVE-2005-2640
|
2016-10-18 12:29 |
2005-08-23 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244892
|
5.0 |
MEDIUM
|
tor
|
tor
|
Tor 0.1.0.13 and earlier, and experimental versions 0.1.1.4-alpha and earlier, does not reject certain weak keys when using ephemeral Diffie-Hellman (DH) handshakes, which allows malicious Tor server…
|
NVD-CWE-Other
|
CVE-2005-2643
|
2016-10-18 12:29 |
2005-08-23 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244893
|
2.1 |
LOW
|
whisper32
|
whisper32
|
Whisper 32 1.16, and possibly earlier versions, stores passwords in plaintext in memory, which allows local users to obtain the password using a debugger or another mechanism to read process memory.
|
NVD-CWE-Other
|
CVE-2005-2664
|
2016-10-18 12:29 |
2005-08-23 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244894
|
7.5 |
HIGH
|
elm_development_group
|
elm
|
Stack-based buffer overflow in expires.c in Elm 2.5 PL5 through PL7, and possibly other versions, allows remote attackers to execute arbitrary code via an e-mail message with a long Expires header.
|
NVD-CWE-Other
|
CVE-2005-2665
|
2016-10-18 12:29 |
2005-08-23 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244895
|
7.5 |
HIGH
|
phpkit
|
phpkit
|
Multiple SQL injection vulnerabilities in PHPKit 1.6.1 allow remote attackers to execute arbitrary SQL commands via the (1) letter parameter to login/member.php or (2) im_receiver parameter to login/…
|
NVD-CWE-Other
|
CVE-2005-2683
|
2016-10-18 12:29 |
2005-08-23 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244896
|
5.0 |
MEDIUM
|
ibm
|
lotus_notes
|
IBM Lotus Notes does not properly restrict access to password hashes in the Notes Address Book (NAB), which allows remote attackers to obtain sensitive information via the (1) password digest field i…
|
NVD-CWE-Other
|
CVE-2005-2696
|
2016-10-18 12:29 |
2005-08-27 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244897
|
7.5 |
HIGH
|
mybulletinboard
|
mybulletinboard
|
SQL injection vulnerability in search.php for MyBulletinBoard (MyBB) 1.00 Release Candidate 1 through 4 allows remote attackers to execute arbitrary SQL commands via the uid parameter. NOTE: this is…
|
NVD-CWE-Other
|
CVE-2005-2697
|
2016-10-18 12:29 |
2005-08-27 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244898
|
4.6 |
MEDIUM
|
phpkit
|
phpkit
|
Unrestricted file upload vulnerability in admin/admin.php in PHPKit 1.6.1 allows remote authenticated administrators to execute arbitrary PHP code by uploading a .php file to the content/images/ dire…
|
NVD-CWE-Other
|
CVE-2005-2699
|
2016-10-18 12:29 |
2005-08-27 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244899
|
7.5 |
HIGH
|
mplayer
|
mplayer
|
Buffer overflow in ad_pcm.c in MPlayer 1.0pre7 and earlier allows remote attackers to execute arbitrary code via crafted PCM audio data, as demonstrated using a video file with an audio header contai…
|
NVD-CWE-Other
|
CVE-2005-2718
|
2016-10-18 12:29 |
2005-08-30 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244900
|
5.0 |
MEDIUM
|
foojan
|
php_weblog
|
Foojan PHP Weblog allows remote attackers to obtain sensitive information via (1) a direct request to /daylinks/index.php or (2) a negative value in the daylinkspage parameter to index.php, which rev…
|
NVD-CWE-Other
|
CVE-2005-2722
|
2016-10-18 12:29 |
2005-08-30 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|